TOIT Training
Cisco CyberOps Associate
Curriculum
6 Sections
9 Lessons
8 Hours
Introduction to CyberOps Associate (4 lessons)
1.1 Prerequisites
1.2 Course Overview
1.3 Instructor
1.4 CyberOps vs Information Security
Introduction to Security Concepts (1 lesson)
2.1 Understanding the CIA Triad
Confidentiality
Integrity
Availability
Trading Availability for security
Security Standards
National Institute of Standards and Technology (NIST)
International Organization for Standardization (ISO)
Common Security Terms and Concepts
Assets, Threat, and Vulnerability
Common Vulnerabilities and Exposures (CVE)
US-CERT and MITRE
Exploit and Threat Intelligence (TI)
Threat hunting and Malware analysis
Threat actor and Run book automation (RBA)
Reverse engineering
Sliding window anomaly detection
Principle of least privilege
Zero trust
Threat intelligence platform (TIP)
Risk management
Security Deployments
Network, endpoint, and application security systems
Agentless and agent-based protections
Legacy antivirus and antimalware
SIEM, SOAR, and log management
Defense-in-Depth
DoD Two Door policy
Layered defense principles
Access Control Models
Discretionary access control (DAC)
Mandatory access control (MAC)
Nondiscretionary access control
Authentication, Authorization, Accounting (AAA)
Rule-based and Time-based access control
Role-based access control (RBAC)
Common Vulnerability Scoring System (CVSS)
Introduction to CVSS Scoring
Attack vector and Attack complexity
Privileges required and User interaction
Scope
5-tuple Approach
Isolate compromised host
Rule-based, behavioral, and statistical detection
Security Monitoring (1 lesson)
3.1 Attack Surface and Vulnerability Management
Security effect on data visibility
Access control list (ACL)
NAT/PAT
Tunneling and TOR
Encryption and Encapsulation
P2P and Load balancing
Data Types in Security Monitoring
Full packet capture
Session and Transaction data
Statistical and Metadata
Alert data
Network and Web Application Attacks
Protocol-based attacks
Denial of Service (DoS) and DDoS
Man-in-the-Middle (MitM)
SQL Injection and Command Injections
Cross-site Scripting (XSS)
Endpoint and Social Engineering
Social engineering techniques
Buffer overflows
Command and Control (C2)
Malware and Ransomware
Certificates and PKI
Public Key Infrastructure (PKI)
Asymmetric and Symmetric encryption
Public/Private key crossing the network
Certificate Components
Cipher-suites and Protocol versions
X.509 certificates
Key exchange mechanisms
PKCS standards
Host-Based Security (1 lesson)
4.1 Endpoint Technologies and Protection
Host-based Intrusion Detection Systems (HIDS)
Antimalware and Antivirus solutions
Host-based Firewalls
Application-level listing and block listing
Systems-based sandboxing (Chrome, Java, Adobe Reader)
Operating System Components and Attack Vectors
Trusted Platform Module (TPM)
Understanding Attack Vectors
Cyber Attribution and Asset identification
Threat actors and their motivations
Forensics and Indicators
Indicators of Compromise (IoC)
Indicators of Attack (IoA)
Chain of Custody procedures
Evidence Types and Log Analysis
Best evidence vs. Corroborative evidence
Indirect evidence in digital investigations
Log interpretation and Event identification
Disk image inspection (Tampered vs. Untampered)
Malware Analysis and Networking
Malware analysis tools and techniques
Using Hashes and URLs for identification
Correlation of Systems, Events, and Networking
Network Intrusion Analysis (1 lesson)
5.1 Intrusion Event Identification
Intrusion Detection and Prevention Systems (IDS/IPS)
Firewall and Network Application Control
Proxy logs and Antivirus integration
Transaction data and NetFlow analysis
Cybersecurity Impact and Detection Accuracy
Understanding False Positives and False Negatives
True Positives, True Negatives, and Benign events
Packet Filtering and Inspection
Layer 3 Packet filtering
Stateful Firewall vs. Deep Packet Inspection (DPI)
Inline traffic interrogation vs. Network Taps
Network Taps vs. Transactional Data (NetFlow)
Traffic Analysis and PCAP Files
Extracting files from a TCP stream
Introduction to PCAP files and Wireshark
Identifying intrusion using Source/Destination Address and Ports
Analyzing Protocol Payloads
Protocol Header Analysis
Ethernet Frames, IPv4, and IPv6
Transport Layer: TCP, UDP, and ICMP
Application Layer: DNS, SMTP, POP3, IMAP, and HTTP/HTTPS/HTTP2
Address Resolution Protocol (ARP)
Alert Identification and Regular Expressions
Identifying alerts from IP addresses and Port identities
Process monitoring (File and Registry)
System level analysis (API calls and Hashes)
URI / URL analysis
Interpreting basic Regular Expressions (Regex) for security monitoring
Security Policies and Procedures (1 lesson)
6.1 Management Concepts in Security
Asset and Configuration management
Mobile Device Management (MDM)
Patch and Vulnerability management
Incident Handling (NIST SP 800-61)
NIST SP 800-61 Response Plan
The Incident Handling Process
Preparation and Detection analysis
Containment, Eradication, and Recovery
Post-incident analysis and Lessons learned
Digital Forensics (NIST SP 800-86)
Evidence collection order and Volatility
Data integrity and Preservation techniques
Volatile data collection (RAM and Network state)
Network and Server Profiling
Network profiling: Throughput, Session duration, and Ports
Critical asset address space identification
Server profiling: Listening ports and Running processes
Logged-in users, Service accounts, and Tasks
Data Privacy and Classification
Personally Identifiable Information (PII)
Personal Security Information (PSI)
Protected Health Information (PHI)
Intellectual Property (IP) protection
Intrusion Event Classification Models
The Cyber Kill Chain Model
The Diamond Model of Intrusion Analysis
SOC Metrics and Scope Analysis
Mean Time to Detect (MTTD)
Mean Time to Contain (MTTC)
Mean Time to Respond (MTTR)
Time to Control analysis